Method and apparatus for determining access permissions in a partitioned data processing system

ABSTRACT

In a data processing system having a plurality of resources and plurality of partitions, each partition including one or more resources of the plurality of resources, a method includes receiving an access request to a target resource of the plurality of resources; using a first set of transaction attributes of the access request to determine a partition identifier for the access request in which the partition identifier indicates a partition of the plurality of partitions which includes the target resource; using the partition identifier to determine access permissions for the partition indicated by the partition identifier; and based on the access permissions, determining whether or not the access request is permitted.

BACKGROUND

1. Field

This disclosure relates generally to data processing systems, and morespecifically, to determining access permissions in a data processingsystem that employs more than one partition.

2. Related Art

Partitions in data processing systems are becoming increasingly commonwith the development of data processing systems. A partition typicallycontains a processor core and a number of specified resources orspecified portions of a resource such as memory within the system. Whenan access request is received, it is necessary to determine whichpartition, if any, is to respond to the access request. For example, arequest to access memory may arrive. Access permission is determinedbased on attributes associated with the request. The hardware associatedwith this process can be very significant.

Accordingly, there is a need for determining access permissions in apartitioned data processing system that improves upon one or more of theissues raised above.

BRIEF DESCRIPTION OF THE DRAWINGS

The present invention is illustrated by way of example and is notlimited by the accompanying figures, in which like references indicatesimilar elements. Elements in the figures are illustrated for simplicityand clarity and have not necessarily been drawn to scale.

FIG. 1 is block diagram of a system according to an embodiment;

FIG. 2 is a block diagram of a portion of the embodiment of FIG. 1;

FIG. 3 is a block diagram of another portion of the embodiment of FIG.1; and

FIG. 4 is a flow chart according to a method of operating the system ofFIG. 1.

DETAILED DESCRIPTION

A data processing system that has partitions and receives accessrequests, first determines to which partition the access requestrelates. It then identifies the attributes associated with the accessrequest and the identified partition and applies the attributes todetermine if the request will be applied or rejected. This is betterunderstood by reference to the drawings and the following specification.

Shown in FIG. 1 is a system 10 comprising an integrated circuit 12 aswell as resources external to integrated circuit 12. Integrated circuit12 comprises processor 14, a processor 16, other modules 18, coherencyinterconnect circuitry 20, a memory controller 22, access decisioncircuitry 24, permissions determination circuitry 26, an I/O controller28, an I/O 30, permissions determination circuitry 32, an I/O controller34, and an I/O 36. Resources external to integrated circuit 12 includeresources 40, 42, and 44 coupled to I/O 30, resources 46, 48, and 50coupled to I/O 36, and a memory 38 coupled to memory controller 22.System 10 has a partition 52 and a partition 54, and may have otherpartitions not shown. Partition 52 comprises processor 14, permissionsdetermination circuitry 26, I/O controller 28, I/O 30, and resources 40,42, 44, and 46. Partition 54 comprises processor 16 and resources 48 and50. Processor 14 is also identified as processor 1 as part of the firstpartition, partition 52. Similarly, processor 54 is also identified asprocessor 2 as part of second partition, partition 54. Access decisioncircuitry 24, permissions determination circuitry 32, I/O controller 34,and controller I/O are in and shared by both partition 52 and partition54. The combination of I/O 36, I/O circuitry 34, permissionsdetermination circuitry 32, and access decision circuitry 24 as afunctional unit may be called partition access control circuitry.

Processor 14, processor 16, other modules 18, memory controller 22, andaccess decision circuitry are coupled to coherency interconnectcircuitry 20. Coherency interconnect circuitry 20 performs the functionof coordinating the various demands of the processors 52 and 54 with theavailable resources. Permissions determination circuitry 26 is coupledto access decision circuitry 24 and I/O controller 28. Permissiondetermination circuitry is coupled to access decision circuitry 24 andI/O controller 34.

In operation, partitions 52 and 54 perform tasks independently of eachother. Memory controller interfaces with memory 38 and coherencyinterconnect circuitry 20 to provide well organized accesses to memory38 by partitions 52 and 54 in a manner well understood in the art.Memory 38 may be considered a shared resource for partitions 52 and 54,or memory 38 may be divided into sections in which a first specifiedsection is part of partition 52 and a second specified section isidentified as part of partition 54. In the described example as shown inFIG. 1, partition 52 includes the first specified section of memory 38,and partition 54 includes a second specified section of memory 38.

Shown in FIG. 2 is a table look-up circuit 60 that is part of I/Ocontroller 34. Table look-up circuit 60 receives a transaction attributesignal that is a multi-bit signal that is a portion of the accessrequest. Table look-up circuit 60 stores information that correlates theinput to a partition. For each received input, which may be consideredan index, there is an output that identifies a partition. Thus thislook-up table is relatively small in that for each entry there is verysmall amount of information. The result is that the particular partitionis identified in response to the access request. Thus, table look-upcircuit 60 may be considered a partition identifier. Table look-upcircuit 60 may also be considered a storage circuit.

Shown in FIG. 3 is a table look-up circuit 62 that is part ofpermissions determination circuit 32. Circuit receives the identifiedpartition information an access address which is part of the accessrequest. For each partition there is a relatively lengthy entry whichprovides permissions for each page that is possible for the partition.The access address identifies the page for the selected partition. Theresult is that the permissions are output for the identified partitionand the page as identified by the access address. The size of look-uptable is also relatively small because there are only a few entries, buteach entry may have a significant amount of information. The combinationof table look-up circuits 60 and 62 is far smaller than a single memorythat had the number of entries of look-up table 60 and the amount ofinformation per entry of table look-up circuit 62 coupled together. Forexample, a system with four partitions and 16 pages would consume 20entries vs. 64 entries. Table look-up circuit 62 may also be considereda storage circuit.

Shown in FIG. 4 is a method of operating system 10. In a step 64 anaccess request is received at an I/O port. For example, the accessrequest may be from resource 46, which is part of partition 52, and maytarget a resource such as memory 38. In the case of the access requestbeing for accessing a memory location, at least a portion of the accessrequest is an address. After receiving the access request, at a step 66I/O controller 34 processes the access to obtain a first set oftransaction attributes of the access request and then uses the first setof transaction attributes to identify the partition corresponding to theaccess request. In this example partition 52, the first partition,should be the partition identified because resource 46 is in partition52 as determined by the attributes associated with this partition entry.This identification is achieved using look-up table 60 of FIG. 2. Shownin a step 68, access permissions of the access request are determinedusing the identified partition and a second set of transactionattributes obtained from the access request. In the case of the accessrequest being a memory access, the second set of attributes wouldnormally be the address of the location in memory for which access isbeing requested. The permissions for the access request are determinedby using table look-up circuit 62 of FIG. 3. In step 70, the permissionsthat are determined in step 68 are used in determining if the accessrequest is valid. If so, as shown in step 72, the access request isprocessed. If not, as shown in step 74, the access request is rejectedand an error condition that may be called an access permission violationis generated by access decision circuitry 24.

Dividing the task of identifying the partition and determining accesspermissions into two distinct steps results in a reduction in the amountof storage space while also providing the benefit of allowing a port tobe shared by two different partitions. Dedicating the ports to a singlepartition simplifies the process of identifying the partition but losesflexibility in optimizing partitions. In the described embodiment, bothsmall circuit size and flexible partitions are obtained.

By now it should be appreciated that there has been provided a method ina data processing system having a plurality of resources and pluralityof partitions, each partition including one or more resources of theplurality of resources. The method includes receiving an access requestto a target resource of the plurality of resources. The method includesusing a first set of transaction attributes of the access request todetermine a partition identifier for the access request, the partitionidentifier indicating a partition of the plurality of partitions whichincludes the target resource. The method includes using the partitionidentifier to determine access permissions for the partition indicatedby the partition identifier. The method includes based on the accesspermissions, determining whether or not the access request is permitted.The method may have a further characterization by which the using thefirst set of transaction attributes of the access request to determinethe partition identifier for the access request comprises using a deviceidentifier of a device which provided the access request. The method mayhave a further characterization by which the using the partitionidentifier to determine access permissions comprises using the partitionidentifier and a second set of transaction attributes to determine theaccess permissions. The method may have a further characterization bywhich the using the partition identifier and the second set oftransaction attributes to determine the access permissions comprisesusing the partition identifier and an access address of the accessrequest to determine the access permissions. The method may have afurther characterization by which the data processing system furthercomprises an input/output (I/O) port, and may further comprise prior tothe receiving the access request, storing a partition identifiercorresponding to each device coupled to the I/O port of the dataprocessing system in a first table. The method may have a furthercharacterization by which the using the first set of transactionattributes of the access request to determine the partition identifierfor the access request comprises using the first set of transactionattributes to access the first table to determine the partitionidentifier for the access request. The method may have a furthercharacterization by which a plurality of devices are coupled to the I/Oport, and wherein the storing the partition identifier corresponding toeach device coupled to the I/O port in the first table comprises storinga first partition identifier corresponding to a first device of theplurality of devices in the first table and storing a second partitionidentifier corresponding to the second device of the plurality ofdevices in the first table, wherein each of the first partitionidentifier and the second partition identifier indicates a differentpartition of the plurality of partitions. The method may furthercomprise prior to the receiving the access request, storing accesspermissions corresponding to each partition of the plurality ofpartitions in a second table. The method may have a furthercharacterization by which the using the partition identifier todetermine the access permissions for the partition indicated by thepartition identifier comprises using the partition identifier to accessthe second table to determine the access permissions for the partitionindicated by the partition identifier.

Also described is a partitioned data processing system. The dataprocessing system includes interconnect circuitry. The data processingsystem further includes a processor coupled to the interconnectcircuitry. The data processing system further includes a plurality ofresources coupled to the interconnect circuitry, wherein each partitionof the partitioned data processing system includes a set of theplurality of resources. The data processing system further includes aninput/output (I/O) port. The data processing system further includespartition access control circuitry coupled between the I/O port and theinterconnect circuitry, wherein the partition access control circuitry,in response to receiving an access request from the I/O port to a targetresource of the plurality of resources, determines a partitionidentifier for the access request based on a first set of transactionattributes of the access request wherein the partition identifierindicates a partition of the partitioned data processing system whichincludes the target resource, uses the partition identifier to determineaccess permissions for the partition indicated by the partitionidentifier, and uses the access permissions to determine whether or notthe access request is permitted. The data processing system may furthercomprise storage circuitry which stores a partition identifiercorresponding to each device coupled to the I/O port of the partitioneddata processing system. The data processing system may further comprisesecond storage circuitry which stores access permissions correspondingto each partition of the partitioned data processing system. The dataprocessing system may have a further characterization by which the firstset of transaction attributes comprises a device identifier of a devicecoupled to the I/O port which provided the access request. The dataprocessing system may have a further characterization by which thepartition access control circuitry uses a second set of transactionattributes of the access request in addition to the partition identifierto determine the access permissions for the partition indicated by thepartition identifier. The data processing system may have a furthercharacterization by which wherein the second set of transactionattributes comprises an access address of the access request. The dataprocessing system may further comprise a first external device coupledto the I/O port, wherein a first partition includes the first externaldevice; and a second external device coupled to the I/O port, wherein asecond partition, different from the first partition, includes thesecond external device.

Described also is a method In a data processing system having aplurality of resources and a plurality of partitions, each partition ofthe plurality of partitions including one or more resources of theplurality of resources. The data processing system includes receiving anaccess request from an external device to an access address of a targetresource of the plurality of resources. The data processing systemfurther includes using a source identifier of the external device todetermine a partition identifier for the access request, the partitionidentifier indicating a partition of the plurality of partitions whichincludes the target resource. The data processing system furtherincludes using the partition identifier and the access address of theaccess request to determine access permissions for the partitionindicated by the partition identifier. The data processing systemfurther includes, based on the access permissions, determining whetheror not the access request is permitted. The data processing system mayfurther comprise prior to the receiving the access request, storing apartition identifier corresponding to each device coupled to the I/Oport of the data processing system in a first table; and, prior to thereceiving the access request, storing access permissions correspondingto each partition of the plurality of partitions in a second table. Thedata processing system may further comprise, when the access request ispermitted, applying an access request policy to perform the accessrequest; and, when the access request is not permitted, rejecting theaccess request and generating an access permission violation. The dataprocessing system may be further characterized by which the I/O port isfurther characterized as a Peripheral Component Interconnect (PCI) port.

Because the apparatus implementing the present invention is, for themost part, composed of electronic components and circuits known to thoseskilled in the art, circuit details will not be explained in any greaterextent than that considered necessary as illustrated above, for theunderstanding and appreciation of the underlying concepts of the presentinvention and in order not to obfuscate or distract from the teachingsof the present invention.

Although the invention is described herein with reference to specificembodiments, various modifications and changes can be made withoutdeparting from the scope of the present invention as set forth in theclaims below. For example, other architectures than that shown in FIG. 1may be effective. Accordingly, the specification and figures are to beregarded in an illustrative rather than a restrictive sense, and allsuch modifications are intended to be included within the scope of thepresent invention. Any benefits, advantages, or solutions to problemsthat are described herein with regard to specific embodiments are notintended to be construed as a critical, required, or essential featureor element of any or all the claims.

The term “coupled,” as used herein, is not intended to be limited to adirect coupling or a mechanical coupling.

Furthermore, the terms “a” or “an,” as used herein, are defined as oneor more than one. Also, the use of introductory phrases such as “atleast one” and “one or more” in the claims should not be construed toimply that the introduction of another claim element by the indefinitearticles “a” or “an” limits any particular claim containing suchintroduced claim element to inventions containing only one such element,even when the same claim includes the introductory phrases “one or more”or “at least one” and indefinite articles such as “a” or “an.” The sameholds true for the use of definite articles.

Unless stated otherwise, terms such as “first” and “second” are used toarbitrarily distinguish between the elements such terms describe. Thus,these terms are not necessarily intended to indicate temporal or otherprioritization of such elements.

The invention claimed is:
 1. In a data processing system having aplurality of resources and plurality of partitions, each partitionincluding one or more resources of the plurality of resources, a methodcomprising: receiving an access request to a target resource of theplurality of resources; using a first set of transaction attributes ofthe access request to determine a partition identifier for the accessrequest, the partition identifier indicating a partition of theplurality of partitions which includes the target resource, wherein eachpartition comprises a processor core and a group of resources; using thepartition identifier to determine access permissions for the partitionindicated by the partition identifier; and based on the accesspermissions, determining whether or not the access request is permitted;wherein the data processing system further comprises an input/output(I/O) port, the method further comprising: prior to the receiving theaccess request, storing a partition identifier corresponding to eachdevice coupled to the I/O port of the data processing system in a firsttable; and prior to the receiving the access request, storing accesspermissions corresponding to each partition of the plurality ofpartitions in a second table.
 2. The method of claim 1, wherein theusing the first set of transaction attributes of the access request todetermine the partition identifier for the access request comprisesusing a device identifier of a device which provided the access request.3. The method of claim 1, wherein the using the partition identifier todetermine access permissions comprises using the partition identifierand a second set of transaction attributes to determine the accesspermissions.
 4. The method of claim 3, wherein the using the partitionidentifier and the second set of transaction attributes to determine theaccess permissions comprises using the partition identifier and anaccess address of the access request to determine the accesspermissions.
 5. The method of claim 1, wherein the using the first setof transaction attributes of the access request to determine thepartition identifier for the access request comprises using the firstset of transaction attributes to access the first table to determine thepartition identifier for the access request.
 6. The method of claim 1,wherein a plurality of devices are coupled to the I/O port, and whereinthe storing the partition identifier corresponding to each devicecoupled to the I/O port in the first table comprises storing a firstpartition identifier corresponding to a first device of the plurality ofdevices in the first table and storing a second partition identifiercorresponding to the second device of the plurality of devices in thefirst table, wherein each of the first partition identifier and thesecond partition identifier indicates a different partition of theplurality of partitions.
 7. The method of claim 1, wherein the using thepartition identifier to determine the access permissions for thepartition indicated by the partition identifier comprises using thepartition identifier to access the second table to determine the accesspermissions for the partition indicated by the partition identifier. 8.A partitioned data processing system comprising: interconnect circuitry;a processor coupled to the interconnect circuitry; a plurality ofresources coupled to the interconnect circuitry, wherein each partitionof the partitioned data processing system includes a processor core anda set of the plurality of resources; an input/output (I/O) port;partition access control circuitry coupled between the I/O port and theinterconnect circuitry, wherein the partition access control circuitry,in response to receiving an access request from the I/O port to a targetresource of the plurality of resources, determines a partitionidentifier for the access request based on a first set of transactionattributes of the access request wherein the partition identifierindicates a partition of the partitioned data processing system whichincludes the target resource, uses the partition identifier to determineaccess permissions for the partition indicated by the partitionidentifier, and uses the access permissions to determine whether or notthe access request is permitted; wherein storage circuitry which storesa partition identifier corresponding to each device coupled to the I/Oport of the partitioned data processing system; and wherein secondstorage circuitry which stores access permissions corresponding to eachpartition of the partitioned data processing system.
 9. The partitioneddata processing system of claim 8, wherein the first set of transactionattributes comprises a device identifier of a device coupled to the I/Oport which provided the access request.
 10. The partitioned dataprocessing system of claim 8, wherein the partition access controlcircuitry uses a second set of transaction attributes of the accessrequest in addition to the partition identifier to determine the accesspermissions for the partition indicated by the partition identifier. 11.The partitioned data processing system of claim 10, wherein the secondset of transaction attributes comprises an access address of the accessrequest.
 12. The partitioned data processing system of claim 8, furthercomprising: a first external device coupled to the I/O port, wherein afirst partition includes the first external device; and a secondexternal device coupled to the I/O port, wherein a second partition,different from the first partition, includes the second external device.13. The partitioned data processing system of claim 12, wherein the I/Oport is further characterized as a Peripheral Component Interconnect(PCI) port.
 14. In a data processing system having a plurality ofresources and a plurality of partitions, each partition of the pluralityof partitions including a processor core and one or more resources ofthe plurality of resources, a method comprising: receiving an accessrequest from an external device to an access address of a targetresource of the plurality of resources; using a source identifier of theexternal device to determine a partition identifier for the accessrequest, the partition identifier indicating a partition of theplurality of partitions which includes the target resource; using thepartition identifier and the access address of the access request todetermine access permissions for the partition indicated by thepartition identifier; and based on the access permissions, determiningwhether or not the access request is permitted; wherein the dataprocessing system further comprises an input/output (I/O) port, themethod further comprising: prior to the receiving the access request,storing a partition identifier corresponding to each device coupled tothe I/O port of the data processing system in a first table; and priorto the receiving the access request, storing access permissionscorresponding to each partition of the plurality of partitions in asecond table.
 15. The method of claim 14, further comprising: when theaccess request is permitted, applying an access request policy toperform the access request; and when the access request is notpermitted, rejecting the access request and generating an accesspermission violation.